ExpoMike
Well-known member
Just a heads up for the Mac users out there. Our security team just released this info and I thought others might want to know about this.
Current versions of the Flashback Trojan are leveraging vulnerabilities in Apple Java and do not require any user interaction or elevated privileges. While Apple released an update on April 3rd, many systems were infected prior to the update or remain vulnerable as the update hasn't been applied.
Apple is only providing Java updates for OS X Lion and Snow Leopard. If you are running anything older than Snow Leopard, you very likely are vulnerable and are strongly recommended to update to OS X Snow Leopard or Lion or to disable Java. To verify your Java version, open a terminal window and type:
java -version
If you see any version number other than 1.6.0_31, you are vulnerable.
To disable Java, run the Java Preferences utility (in the Utilities folder) and uncheck all versions of Java that appear before closing the window. You can also disable Java within your browser to offer additional protection. See:
http://support.apple.com/kb/HT5241
Antivirus products can also provide some protection, but there have been reports that AV vendors have been slow to update signatures as Flashback variants mutate.
Apple has indicated that they will be releasing tools to detect and remove Flashback, but has not yet done so:
http://support.apple.com/kb/HT5244
Other detection/removal sites are referenced below, but there have been some reports that these tools may not detect all variants.
From OSXDaily, "How to Check for the Flashback Trojan in Mac OS X":
http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in-mac-os-x/
Kaspersky Labs has released a tool that will check your hardware UUID against known infected systems:
http://flashbackcheck.com/
They also have a removal tool:
http://support.kaspersky.com/downloads/utils/flashfake_removal_tool.zip
From MacUpdate:
http://www.macupdate.com/app/mac/42571/anti-flashback-trojan
Another removal tool:
http://etresoft.org/freeware/MalwareChecker.zip
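The version check described in the post, as an added shell example that is not part of the original post: it applies the post's rule that only 1.6.0_31 counts as patched, and merges stderr into stdout because `java -version` writes its report there. The function names and the sample line in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Rule taken from the post: any version other than 1.6.0_31 is vulnerable.
PATCHED_VERSION="1.6.0_31"

# Pull the quoted version string out of `java -version` text.
# Constructed sample of the line being parsed:  java version "1.6.0_29"
extract_java_version() {
    printf '%s\n' "$1" \
        | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' \
        | head -n 1
}

# Classify captured `java -version` output as patched, vulnerable or unknown.
# "unknown" covers output with no version line (for example an error message).
classify_java_output() {
    ver=$(extract_java_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif [ "$ver" = "$PATCHED_VERSION" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Run the check against the local machine.
check_local_java() {
    if ! command -v java >/dev/null 2>&1; then
        echo "no-java"
        return 0
    fi
    # java -version prints to stderr; without 2>&1 the capture is empty
    # and every machine would be reported as "unknown".
    out=$(java -version 2>&1)
    classify_java_output "$out"
}

# Only touch the local system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    check_local_java
fi
```

Run the script with `--check` to test the local machine; a result of `unknown` means the output had no version line and should be inspected by hand.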